S.E.C. Project NextGen Phase 1
Technical Architecture
Features
Architecture Overview

Full Tech Stack

End-to-end technical architecture for the HK-based manufacturing platform.

Cloud: Alibaba (HK only)
Databases: 1 (PolarDB HK)
CN Filings: Privacy notice only
Factory Access: Read BOM · Write status
Timeline: 4–5 months
Regions: HK + SZ
Cloud Strategy: Single Cloud
User Journey

From Order to Factory Floor

How a client order from Nike or Adidas flows through the platform — from the moment it arrives to the moment the factory begins production.

Lanes: Client · HK Office Team · AI System · SZ Factory
Client
Order Received

Nike, Adidas, Lululemon or On Apparel sends a new production order to the HK office.

AI System
Validate Order

AI scans the order and flags any missing fields — address, fabric spec, colour — and predicts delivery risks before proceeding.

AI System
AI Generates BOM

Gemini AI reads the product spec and auto-generates a complete Bill of Materials with quantities, grounded in the client's BOM library.

SZ Factory / HK Team
Review & Adjust

SZ Factory or HK Team reviews the BOM, drag-reorders priority, edits quantities, and confirms the materials list.

SZ Factory
Factory Dispatch

Confirmed order + BOM + sample goods image dispatched to SZ Factory. AI recommends the best factory based on capacity.

SZ Factory
Export & Print

Factory exports the material collection list as PDF and prints it for the warehouse and production floor team.

Order Intake
Steps 1–2

Client submits order. HK team validates completeness. AI flags delivery risks before production begins.

AI-Powered Processing
Steps 3–4

AI generates BOM from product specs. SZ Factory / HK team reviews, edits, and confirms the materials list before dispatch.

Production & Export
Steps 5–6

Order dispatched to SZ Factory with BOM and sample image. Factory exports and prints the material collection list for the production floor.

Data Flow

End-to-End Request Flow

How a single order flows through the entire stack

1
HK Sales team creates order
Browser (HK office, HQ) → Cloudflare CDN → Vercel (Next.js)
2
Order submitted
Next.js API → Alibaba IDaaS (JWT) → PolarDB PostgreSQL (HK) → Order created
3
AI generates BOM
Order details → Vercel AI SDK (`generateObject`) → Gemini 2.0 Pro (Vertex AI) → Zod-validated BOM JSON → Saved to DB
4
AI predicts delivery risk
Historical data + inventory + factory capacity → Gemini → Risk score + recommendations
5
Dispatch to China factory
PolarDB (HK) → Server generates signed work packet (BOM + design refs only, no PII) → Cloudflare China Network → Factory browser caches in IndexedDB
6
Production & acknowledgment
Factory taps "Start / Progress / Complete" → Optimistic UI + IndexedDB outbox → HTTPS POST to PolarDB (HK) via narrow scoped API → Sales dashboard updated in real-time
Single Source of Truth · Narrow Factory API
Alibaba Cloud, Hong Kong (cn-hongkong · PolarDB): single source of truth.
→ Read BOM · ← Write Status, via Cloudflare China Network, no PII in transit.
Shenzhen Factory: thin client · narrow RBAC · IndexedDB + outbox queue.
Layer 1 · Users (multi-region)
HK Office Team · SZ Factory
HTTPS / TLS 1.3
Layer 2 · Frontend (global CDN)
Next.js 15 · TypeScript · Tailwind CSS · shadcn/ui · React Hook Form · Zod · TanStack Query · i18next (EN/中文)
Vercel Edge Network
Layer 3 · Hosting & CDN (multi-region)
Hong Kong (Primary)
PRIMARY
Vercel (Mars-hosted) · Alibaba cn-hongkong API (client account) · Function Compute / ECS (client account) · Cloudflare China Network (client account)
Compute layer on Mars's Vercel (licensed) · data layer on client's Alibaba account (sovereign)
Shenzhen Factory (Thin Client)
NO SERVER-SIDE DATA
Browser (Next.js PWA) · Service Worker (offline) · IndexedDB (BOM cache) · Outbox Queue (status writes)
No server-side data stored in mainland; the only mainland copy is each device's browser cache of non-PII work packets, so a lost or retired device still needs its cache cleared · MLPS 2.0 Level 1 self-assessment · no PIPL Standard Contract
API Gateway + Auth
Layer 4 · Backend / API (JWT + RBAC)
Next.js API Routes · Prisma ORM · tRPC / REST · Alibaba IDaaS (Auth) · Factory-Scoped RBAC (read BOM · write status) · Rate Limiting
Service Orchestration
Layer 5a · AI Layer
AI Provider: Gemini (Pro + Flash) via Vertex AI
Orchestration: LiteLLM Router · Vercel AI SDK
Prompt Ops / Consistency: Langfuse · Zod schema validation
Versioned prompts · golden dataset · A/B eval · structured outputs enforced by Zod
AI Use Cases: BOM generation, risk prediction, factory scoring, document OCR
Layer 5b · Data
Primary DB · HK (Alibaba)
PolarDB for PostgreSQL (Multi-AZ) · Tair (Redis)
Source of truth · orders · BOM · clients · client's Alibaba account (data sovereignty)
→ Narrow Factory API (no PII)
Scoped
📖 READ (cached in IndexedDB)
GET /work-orders/assigned
GET /bom/:id
GET /design/:id
✏️ WRITE (status updates only)
POST /work-orders/:id/start
POST /work-orders/:id/progress
POST /work-orders/:id/complete
POST /qa-photo
State machine enforced server-side (the server decides whether a transition is legal; the client's claimed state is never trusted) · outbox queue in browser for offline resilience · every write signed + timestamped
File Storage
Alibaba OSS (HK) · designs · QA photos · Cloudflare R2 edge cache (optional)
All files in HK · client's Alibaba OSS bucket · CDN delivers to SZ with edge caching for heavy design files
Analytics / Search
PostHog (analytics) · Postgres full-text search
External Integrations
Layer 6 · External Integrations
ERP System · Hybrid Sync
TOGO Cloud ERP (existing) · Webhooks (push · real-time) · REST API (pull · reconcile) · Idempotency keys · Outbox pattern
Webhooks carry live events; a REST poll every 5 minutes reconciles anything a missed, duplicated or out-of-order webhook left behind
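The inbound half of that hybrid sync, as an added example (not the project's own code and not TOGO's real API): webhook events applied at most once using the event id as idempotency key, stale events unable to overwrite newer state, and the periodic pull repairing an order whose webhook never arrived. `ErpOrder`, `ErpEvent`, `SyncStore` and the `updatedAt` field are assumptions about the ERP payload.

```typescript
// Added example, not the project's own code. Inbound ERP sync: webhook events are
// applied at most once (event id = idempotency key), a stale event cannot overwrite
// a newer state (last-writer-wins on the ERP's own updatedAt, never on arrival
// order), and the 5-minute pull re-fetches recent changes so an order whose webhook
// was lost still converges. Field names are assumptions, not TOGO's real schema.

interface ErpOrder { erpId: string; updatedAt: number; status: "open" | "shipped" | "cancelled"; qty: number }
interface ErpEvent { eventId: string; order: ErpOrder }   // eventId doubles as the idempotency key

type WebhookOutcome = "applied" | "duplicate" | "stale";

class SyncStore {
  readonly orders = new Map<string, ErpOrder>();
  private appliedEvents = new Set<string>();
  watermark = 0;   // newest updatedAt seen; the next pull starts from here

  // Webhook handler. Every outcome maps to HTTP 200: a non-2xx would only make the ERP
  // retry a duplicate forever. Authenticate the call (signature or shared secret)
  // before it reaches this method; that step is not shown here.
  onWebhook(ev: ErpEvent): WebhookOutcome {
    if (this.appliedEvents.has(ev.eventId)) return "duplicate";
    this.appliedEvents.add(ev.eventId);   // remember stale ones too: same event, same answer
    return this.upsert(ev.order) ? "applied" : "stale";
  }

  // Pull path: ask for everything changed since the watermark, minus a safety overlap
  // so two changes in the same second cannot fall between two polls.
  reconcile(fetchChanged: (since: number) => ErpOrder[], overlapSeconds = 60): string[] {
    const repaired: string[] = [];
    for (const o of fetchChanged(Math.max(0, this.watermark - overlapSeconds))) {
      if (this.upsert(o)) repaired.push(o.erpId);
    }
    return repaired;
  }

  private upsert(o: ErpOrder): boolean {
    const cur = this.orders.get(o.erpId);
    if (cur && cur.updatedAt >= o.updatedAt) return false;   // already have this or newer
    this.orders.set(o.erpId, { ...o });
    this.watermark = Math.max(this.watermark, o.updatedAt);
    return true;
  }
}

// Constructed scenario: a redelivered event, two events arriving out of order, and
// one order (O-3) whose webhook never arrived at all.
function demoErpSync() {
  const store = new SyncStore();
  const events: ErpEvent[] = [
    { eventId: "ev-1", order: { erpId: "O-1", updatedAt: 100, status: "open", qty: 500 } },
    { eventId: "ev-2", order: { erpId: "O-2", updatedAt: 100, status: "open", qty: 200 } },
    { eventId: "ev-1", order: { erpId: "O-1", updatedAt: 100, status: "open", qty: 500 } },    // redelivered
    { eventId: "ev-4", order: { erpId: "O-1", updatedAt: 120, status: "shipped", qty: 500 } }, // arrives early
    { eventId: "ev-3", order: { erpId: "O-1", updatedAt: 110, status: "open", qty: 480 } },    // arrives late
  ];
  const outcomes = events.map((e) => store.onWebhook(e));
  // What the ERP reports when polled: O-1 and O-2 as already known, O-3 changed at 130.
  const ERP_STATE: ErpOrder[] = [
    { erpId: "O-1", updatedAt: 120, status: "shipped", qty: 500 },
    { erpId: "O-2", updatedAt: 100, status: "open", qty: 200 },
    { erpId: "O-3", updatedAt: 130, status: "open", qty: 900 },
  ];
  const erpChangedSince = (since: number): ErpOrder[] => ERP_STATE.filter((o) => o.updatedAt >= since);
  const repaired = store.reconcile(erpChangedSince);
  return { outcomes, repaired, o1: store.orders.get("O-1"), size: store.orders.size, watermark: store.watermark };
}
```

The set of applied event ids grows forever as written; in the real service it is a table with a retention window at least as long as the ERP's retry horizon. Whatever TOGO actually exposes as a change timestamp or version is what `updatedAt` must be mapped to; comparing on arrival time instead would reintroduce the out-of-order bug the example shows.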
Document Processing
react-pdf (generate + print)
DevOps & Security (Cross-cutting)
Layer 7 · DevOps, Security & Monitoring
Centralized Observability (Alibaba HK + Factory Browser RUM): unified logs · traces · metrics
Alibaba HK source: SLS + CloudMonitor · PolarDB metrics
Unified pane + frontend RUM: Datadog · OpenTelemetry · Browser RUM (SZ)
Single backend source of truth · factory browser reports page load, outbox queue depth, API latency · one timeline for every incident
CI/CD: GitHub · GitHub Actions
Error Tracking: Sentry
Security: Cloudflare WAF
Testing: Vitest · Playwright
Client Setup

What You'll Need to Prepare

Mars builds and hosts the app. Here's what stays on your side — hardware, cloud accounts, and data — so you own your data and cloud footprint from day one.

Hardware
Mostly BYOD
  • Staff work phones (BYOD) — you already have these
    Any iOS 15+ / Android 10+ phone. Used by factory staff to scan work orders at each station, and by HK sales to check orders on the go.
  • Office laptops / desktops — you already have these
    For HK sales team and admin. Any modern Chrome/Edge/Safari browser.
  • Thermal label printer — ~HKD 1,500 one-time
    At SZ factory reception to print QR-coded work order labels at dispatch. Standard 4"×6" thermal printer (Rongta, Zebra GK420, or equivalent).
  • USB/Bluetooth scanners — optional
    Only if phone-camera scanning proves too slow at high-volume stations. ~HKD 200–500 per scanner. Can be added after launch based on actual usage.
Cloud Accounts
Client-owned
  • Alibaba Cloud (HK region)
    Hosts your database (PolarDB), files (OSS), identity (IDaaS), logs (SLS), monitoring (CloudMonitor). All your data lives here, under your account.
  • Cloudflare
    DNS, WAF security, and China Network for legal mainland delivery. Covers your domain globally including SZ factory access.
  • Google Cloud + Vertex AI
    Runs Gemini for AI BOM generation. Pay-per-use, no commitment. Mars sets up the project under your billing.
  • Company domain + email
    For SSO login (e.g. staff@yourcompany.com) and system notifications. Use your existing domain.
Mars handles setup. We configure each service; billing flows directly to you. You can audit, download, or revoke at any time.
Data & People
To seed the system
  • Material Master · critical
    SKU list of heat-transfer materials (films, inks, adhesives, etc.) with unit, cost, supplier, lead time, MOQ. CSV/Excel or TOGO export.
  • BOM Library seed · critical
    5–8 approved BOM templates per product type (reflective logo, full-print, etc.) with reference images and quantities. Can grow over time.
  • Factory master data
    SZ factory line list, station workflow per product type, operator shift schedule.
  • User list & roles
    Staff names + email + role (sales / factory operator / QC lead / admin). Used to provision IDaaS accounts.
  • Historical orders · optional
    12 months of past orders + finalised BOMs. Not required for MVP, but accelerates AI accuracy if provided.
Low barrier to start

No new tablets, no custom scanners, no native apps. If you already have staff work phones and an internet connection, you're 90% there. The heaviest lift is the Material Master and BOM Library seed data — Mars helps structure them in a kickoff workshop.

Access Security

Restrict Access to Company Network Only

Two ways to lock the app down so only authorised devices / users can reach it. Click each option to expand.

A
IP Allowlist at Cloudflare WAF
Simplest — lock down by office / factory public IP
Lightest

Configure a Cloudflare WAF rule that blocks every request not originating from the HK office public IP, the SZ factory public IP, or a short allowlist of approved locations. No client software, no added latency; just a firewall rule in front of the app. Two caveats: staff checking orders "on the go" from a mobile network will not arrive from an allowlisted IP, so that use case needs option B or a fixed egress; and the rule only holds if the origin accepts traffic solely via Cloudflare, otherwise a request sent straight to the origin hostname never meets the rule at all.

Cost Structure
  • Cloudflare WAF (already in stack): included
  • Setup + runbook (one-off): ~HKD 5k
  • Ongoing / year: HKD 0
B
Corporate VPN (Alibaba Cloud VPN Gateway)
Traditional — staff connect via VPN client before using the app
Traditional

Deploy a licensed enterprise VPN gateway. Staff install a VPN client on their laptop / tablet and connect before opening the app — all traffic is tunnelled through the company's VPN IP, which is the only IP the WAF allows. Legal for SZ factory use (consumer VPNs are not).

Cost Structure
  • Alibaba Cloud VPN Gateway: ~HKD 1.2k / month
  • VPN client rollout + device config (one-off): ~HKD 40k
  • Ongoing admin (add/remove users, troubleshooting): ~HKD 20k / year
  • Ongoing / year: ~HKD 34k
Prerequisites

What the Client Must Provide

Required for ManufactureOS to work for heat-transfer products manufacturing at the SZ factory. Missing items will delay go-live or reduce AI accuracy.

Scope: Heat-Transfer Products
Factory: SZ only (Phase 1)
CRITICAL
BOM Library
Product recipes with reference images

Approved BOM templates per product type; each template is a list of Material Master references + quantities + instructions + a reference image of the finished product. This is what grounds the AI: generated rows must reference library SKUs, so a material Gemini invents fails validation instead of reaching the factory.

  • Product categories (reflective logo · full-print · numbers · sublimation patch…)
  • Materials list per template (references to Material Master SKUs)
  • Quantity per unit + scaling rules
  • Reference image of finished product (QC visual check)
  • Assembly / press instructions (temperature · time · pressure)
  • Version control + approval workflow
Format: Seed 5–8 templates at POC · grow to 30+ at MVP · admin-editable in-app
CRITICAL
Material Master
Canonical SKU catalogue

The atomic vocabulary — every raw material the factory uses, as a unique SKU with spec, unit, cost, supplier, lead time, MOQ. Every BOM Library row references a Material Master SKU, so a price or supplier change updates everywhere automatically.

  • Transfer films (PU · PVC · TPU · reflective)
  • Inks & pigments (plastisol · water-based · sublimation)
  • Adhesives & hot-melt glues
  • Release liners · carrier papers · backing sheets
  • Foils · rhinestones · specialty add-ons
  • Per SKU: unit of measure · unit cost · preferred supplier · lead time · MOQ · safety stock
Format: CSV / Excel / TOGO export · recommend 150+ SKUs across film, ink, adhesive categories
CRITICAL
SZ Factory Master Data
Capacity, equipment, capabilities

SZ factory's production data. Drives AI capacity prediction and delivery-risk scoring. (Other factories will be added in future phases.)

  • Heat-press machines · count · type · throughput
  • Printing lines (screen · digital · DTF · sublimation)
  • Daily / weekly capacity by product type
  • Typical turnaround time per batch size
  • Quality ratings · defect history
CRITICAL
TOGO ERP API Access
Integration credentials

ManufactureOS augments TOGO — it doesn't replace it. API access is required for two-way sync.

  • API keys · OAuth credentials
  • Sandbox environment for testing
  • Webhook endpoints configured
  • TOGO vendor contact for support
  • Data schema documentation
HIGH
Historical Order Data
For AI risk & capacity prediction

Past 12–24 months of heat-transfer orders — AI uses this to predict delivery risk and SZ capacity loading.

  • Past orders with outcomes (on-time · late · reject)
  • Seasonal volume patterns
  • Inventory snapshots at SZ
  • Defect / rework rates per product category
HIGH
Client & User Directory
Who can log in, who can order

Identity data for authentication and role-based access control.

  • HK office team list (name · email · role)
  • SZ factory staff list (login identifiers only; still personal data under PIPL, which is why the employee notice below is required)
  • Role definitions (Sales · Ops · QA · Factory)
MEDIUM
Compliance & Legal
PIPL · MLPS · DPAs

Legal artefacts needed before cross-border data flow is active.

  • Privacy policy (EN + 中文)
  • Employee notice for factory login (PIPL Art. 13)
  • MLPS 2.0 Level 1 self-assessment (no filing)
  • PIPL Standard Contract — not required (no data stored in CN)
Critical-Path Warning

The items marked CRITICAL block go-live. If the client cannot provide the heat-transfer BOM library (with its design history), the Material Master, SZ factory master data and TOGO API access, the project timeline shifts from 4–5 months to 7–8 months while we help build that data from scratch.

HT BOM Library
+6 weeks if missing
Design History
+4 weeks if missing
SZ Factory Data
+2 weeks if missing
TOGO API
+3 weeks if delayed
Client Readiness Checklist
Pre-kickoff
Phase 2 roadmap: Vietnam · Cambodia factories — requires their master data at that time.
Key Choices

Why This Stack?

Narrow-Waist Factory API
One PolarDB in HK as the single source of truth: no DTS, no dual-write, no sync bugs. SZ factory is a thin browser client with a scoped read-BOM + write-status API. No client or order PII is included in anything sent to the factory; factory logins carry only the minimal identity the IDaaS needs.
China-Ready, Minimal Scope
Frontend hosted outside CN → no ICP filing. Cloudflare China Network delivers mainland-grade speed. No server-side data stored in mainland → MLPS 2.0 Level 1 self-assessment only, no PIPL Standard Contract.
Cost-Optimized
One database, one region, one cloud vendor — saves ~HKD 45k/year on infra (no SZ PolarDB, no DTS) and ~HKD 60k one-time on compliance (no Standard Contract, no MLPS L2 filing). Gemini via Vertex AI ~40% cheaper than Claude.
TOGO-Compatible
Doesn't replace TOGO — augments it. API-first design means client keeps existing ERP investment while gaining AI superpowers.
Scalable
Starts small, scales to enterprise. Add factories, clients, and users without architectural changes. Swap components as needed.
Enterprise-Ready
SSO, audit logs, role-based access, encryption, and compliance features built-in.
Commercial Model

Licensed Platform

Clean separation of ownership. Client keeps full control of their commercial data. Mars retains source-code IP for ongoing maintenance and future apps.

Mars Owns
  • Source code IP
  • Vercel compute layer
  • Deployment + updates
Client Owns
  • All data (PolarDB, OSS)
  • Alibaba + Cloudflare accounts
  • Right to use + extend via Mars